On 5 January 2026, hardware wallet provider Ledger informed users that customer data had been exposed via a breach at its payment processor Global-e. Names and contact information were accessed, while private keys, recovery phrases and on-chain funds reportedly stayed secure. The incident renews concerns about third-party vendor risks and the potential for targeted phishing attacks against crypto users.

Ledger said a data incident at its e-commerce partner Global-e was limited to the partner's systems and did not compromise Ledger's hardware or software. Global-e, which Ledger integrated in October 2023, saw unauthorized access to order data that exposed some customers' names and contact details, while payment information and account credentials were not affected.

Onchain investigator ZachXBT said a Coinbase support impersonation operation stole roughly $2 million in crypto, traced through onchain activity and social media artifacts. The FBI reported more than $16 billion in internet crime losses in 2024, underscoring the role of social engineering; Coinbase reiterates it never requests passwords, 2FA, seed phrases, or transfers to a safe address.

Starknet, an Ethereum layer-2 ZK-rollup used by DeFi and gaming applications, is undergoing a new bout of mainnet downtime in 2026 after a series of outages in 2025. The team said on X that engineers are investigating the disruption and working to restore services, with the latest incident lasting just over two hours at the time of writing, while the STRK token price remained largely unchanged.

On January 5, 2026, a phishing campaign impersonating MetaMask support pushed a fake two‑factor authentication process to harvest recovery phrases. SlowMist's CSO described the operation as highly polished, with look‑alike domains and branded emails. Although 2025's phishing losses fell from nearly $494 million to about $84 million, attackers are reappearing with refined tactics.

A phishing campaign targeting MetaMask users deploys a convincing 2FA-style workflow to capture wallet recovery phrases. According to SlowMist's chief security officer, attackers use near-identical domains and branded emails to impersonate MetaMask Support. The scheme underscores increasingly polished social engineering tactics despite reports of falling crypto phishing losses in 2025.

MetaMask said users were targeted by a 2FA verification phishing campaign, with emails instructing recipients to update credentials by January 4, 2026 or face limited wallet access. On January 5, SlowMist's 23pds flagged the scheme on social media, urging caution. Security firms Halborn and MailGuard have advised proactive anti-phishing processes and immediate deletion of suspicious messages.

Spending on Visa-issued crypto cards rose 525% across 2025, with net volume growing from $14.6 million in January to $91.3 million in December, per Dune Analytics. EtherFi’s card recorded $55.4 million for the year, ahead of Cypher at $20.5 million, while Visa expanded stablecoin support and launched a dedicated advisory team in mid-December.